hurd: support: Fix running SGID tests

Secure mode is enabled only if SGID actually provides a new privilege,
so we have to drop it before gaining it again.

Fixes commit 3a3fb2ed83f79100c116c824454095ecfb335ad7
("Fix error reporting (false negatives) in SGID tests")

diff --git a/support/support_capture_subprocess.c b/support/support_capture_subprocess.c
index b4e4bf95026f1194fd168184c432a01425874eed..c89e65b5349083435ba03181c77a7cb12e9c7c56 100644 (file)
--- a/support/support_capture_subprocess.c
+++ b/support/support_capture_subprocess.c
@@ -133,6 +133,27 @@ copy_and_spawn_sgid (const char *child_id, gid_t gid)
   if (chmod (execname, 02750) != 0)
     FAIL_UNSUPPORTED ("cannot make \"%s\" SGID: %m ", execname);
 
+  /* Now we can drop the privilege of that group.  */
+  const int count = 64;
+  gid_t groups[count];
+  int ngroups = getgroups(count, groups);
+
+  if (ngroups < 0)
+    FAIL_UNSUPPORTED ("Could not get group list again for user %jd\n",
+                     (intmax_t) getuid ());
+
+  int n = 0;
+  for (int i = 0; i < ngroups; i++)
+    {
+      if (groups[i] != gid)
+       {
+         if (n != i)
+           groups[n] = groups[i];
+         n++;
+       }
+    }
+  setgroups (n, groups);
+
   /* We have the binary, now spawn the subprocess.  Avoid using
      support_subprogram because we only want the program exit status, not the
      contents.  */